How to Set up Coturn TURN Server for Spreed WebRTC
Coturn is a free and open-source TURN and STUN server for VoIP and WebRTC. In a previous tutorial, we discussed how to install Spreed WebRTC server and how to integrate Spreed WebRTC with NextCloud.
But there’s a problem: WebRTC won’t work if users are behind different NAT devices. It will be blocked. To traverse NAT, we need to set up a TURN server as a relay between Web browsers. TURN stands for Traversal Using Relays around NAT. How it works is beyond the scope of this tutorial.
This tutorial is going to show you how to set up coturn, an open-source implementation of TURN, on Ubuntu and how to connect Spreed WebRTC to coturn.
Note: To reduce latency, the TURN server should be close to users. Be aware that a TURN server consumes a lot of bandwidth, as it relays both audio and video. Coturn can be on the same machine as Spreed WebRTC or on another machine that is not behind NAT.
Install Coturn Server on Ubuntu
Coturn is available from the Ubuntu repository, so install it with the following command:
sudo apt install coturn
Once it’s installed, it will be automatically started. You can check its status with:
systemctl status coturn
If it isn’t running, then manually start it with:
sudo systemctl start coturn
And also enable auto-start at boot time:
sudo systemctl enable coturn
Configure Coturn for Spreed WebRTC
Edit the main configuration file.
sudo nano /etc/turnserver.conf
By default, all lines in this file are commented out. Below is an example configuration that you can copy and paste into your file.
- Replace your-domain.com with the domain name for your NextCloud or Spreed WebRTC.
- Replace 12.34.56.78 with the server public IP address.
- Set a long and secure authentication secret. (You can use the openssl rand -base64 20 command to generate a random string.)
# Run as TURN server only, all STUN requests will be ignored.
no-stun
# Specify listening port. Change to 80 or 443 to go around some strict NATs.
listening-port=8443
tls-listening-port=5349
# Specify listening IP, if not set then Coturn listens on all system IPs.
listening-ip=12.34.56.78
relay-ip=12.34.56.78
### The following lines enable support for WebRTC ###
# Use fingerprints in the TURN messages.
fingerprint
# Use long-term credentials mechanism
lt-cred-mech
realm=your-domain.com
# Authentication method
use-auth-secret
static-auth-secret=your-auth-secret
total-quota=100
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
# for the sessions, combined (input and output network streams are treated separately).
bps-capacity=0
# This line provides extra security.
stale-nonce
log-file=/var/log/turnserver/turn.log
no-loopback-peers
no-multicast-peers
Save and close the file. Then restart coturn server with:
sudo systemctl restart coturn
Coturn runs as the turnserver user. Run the following command and you should see it’s listening on port 8443.
sudo ss -lnpt | grep turnserver
Now let’s edit Spreed WebRTC configuration file.
sudo nano /etc/spreed/server.conf
Add the following two lines in the [app] section. Replace the placeholder values accordingly.
turnURIs = turn:coturn-server-ip:8443?transport=udp
turnSecret = your-auth-secret
Save and close the file. Then restart Spreed WebRTC docker container with
sudo docker restart my-spreed-webrtc
or run the following command if you installed Spreed via Ubuntu PPA.
sudo systemctl restart spreed-webrtc
Once Coturn is running and Spreed WebRTC is restarted, users who are behind NAT should be able to use audio/video calls normally.
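How the shared secret in static-auth-secret and turnSecret is used, as an added example that is not part of the original tutorial or of coturn's or Spreed's own code: with use-auth-secret, the TURN username begins with an expiry timestamp and the password is base64(HMAC-SHA1(secret, username)), so anyone who holds the secret can mint valid relay credentials. The function names, the user id "alice", the one-hour lifetime and the secret value are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def _turn_password(secret, username):
    # Password = base64(HMAC-SHA1(shared secret, username)).
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def make_turn_credentials(secret, user_id, ttl=3600, now=None):
    """Signaling-server side: mint a time-limited TURN username/password."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user_id}"  # "expiry-timestamp:userid"
    return username, _turn_password(secret, username)


def check_turn_credentials(secret, username, password, now=None):
    """TURN-server side: recompute the HMAC and reject expired usernames."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    expected = _turn_password(secret, username)
    # Constant-time comparison, then enforce the expiry carried in the username.
    matches = hmac.compare_digest(expected.encode(), password.encode())
    return matches and now < expiry


if __name__ == "__main__":
    secret = "constructed-example-secret"  # stands in for static-auth-secret
    t0 = 1_700_000_000                     # constructed fixed clock
    user, pw = make_turn_credentials(secret, "alice", now=t0)
    print("username:", user)
    print("password:", pw)
    print("valid now:        ", check_turn_credentials(secret, user, pw, now=t0 + 10))
    print("valid after expiry:", check_turn_credentials(secret, user, pw, now=t0 + 7200))
    # Extending the timestamp without the secret breaks the HMAC.
    forged = "1800000000:alice"
    print("forged expiry:    ", check_turn_credentials(secret, forged, pw, now=t0 + 10))
```

Because the secret alone is enough to create credentials, keep /etc/turnserver.conf and /etc/spreed/server.conf readable only by the service accounts and rotate the secret on both sides if it leaks.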
Open Ports in the Firewall
You should open TCP and UDP port 8443 in the firewall for Coturn to work. If you use the UFW firewall, run the following commands.
sudo ufw allow 8443/tcp
sudo ufw allow 8443/udp
Wrapping Up
That’s it! I hope this tutorial helped you install coturn server for Spreed WebRTC.
I have an audio issue in the office network, https://github.com/strukturag/nextcloud-spreedme/issues/99, can you help me with that?
Listening IP should be a public IP or a private IP.
heya – regarding recommended configuration
# Run as TURN server only, all STUN requests will be ignored.
no-stun
I am guessing so that it will always work?
I do the exact opposite: stun-only
The bandwidth for TURN can become extraordinary very quickly.
I have logged 10s of thousands of unauthorized requests daily with TURN disabled.
If I let them have TURN my hosting provider would pull the plug in half a day.